I've just uploaded an update to AntiXSS, based on feedback we've received from developers looking at the library. This can be found on GitHub. I have also updated the original AntiXSS announcement post to point to the new release.
Since the release of the library, the two main areas of feedback we got from users of the library were:
- Why is it only Java 5 and above? We have a lot of Java 1.4 code.
- Why are the methods all named with UpperCamelCase? We use lowerCamelCase for all of our method names.
In brief, we've addressed the first issue but not the second in this release. You should find that AntiXSS will work with your Java 1.4 code as we've changed the underlying functionality to remove the dependency on Java 5. As for the method names, those are the names used in the Microsoft Anti-Cross Site Scripting (AntiXSS) v1.5 library for .NET applications of which this library is a port. As such, we've preserved the API as is, and think it would be counter productive to rename the methods, have duplicate methods with different capitalisation, or to ship an adapter interface with lowerCamelCase names.
Any feedback, bug reports, or reports of usage appreciated.